启用 CORS Apache Tomcat 7.0.52
Enable CORS Apache Tomcat 7.0.52
我一直在尝试在我的 Microsoft Azure Apache Tomcat 服务器上启用 CORS,我已经尝试了很多技术,但我仍然无法启动 CORS 和 运行。我已将其添加到 web.xml 文件中,但没有成功启用它。
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
我一直收到错误消息:
XMLHttpRequest cannot load url&output=json. No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://url.net' is therefore not allowed access.
关于如何快速实现这一点有什么建议吗?我一直在网上查看大量资源,但不幸的是我无法使用它。期待您的建议。
您的 web.xml
看起来不错,所以我希望它确实按要求设置了响应 header(您的问题并没有明确说明)。
但是在某些现代浏览器(Chrome、Firefox 等)上,您会发现它们不允许通配符来源:
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
相反,您需要指定预期的域,以提高安全性:
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>http://otherdomain.com</param-value>
</init-param>
有用的是,来源列表可以用逗号分隔:
A * can be specified to enable access to resource from any origin.
Otherwise, a whitelist of comma separated origins can be provided. Eg:
http://www.w3.org, https://www.apache.org. Defaults: * (Any origin is
allowed to access the resource)
来源:https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html
我一直在尝试在我的 Microsoft Azure Apache Tomcat 服务器上启用 CORS,我已经尝试了很多技术,但我仍然无法启动 CORS 和 运行。我已将其添加到 web.xml 文件中,但没有成功启用它。
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
我一直收到错误消息:
XMLHttpRequest cannot load url&output=json. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://url.net' is therefore not allowed access.
关于如何快速实现这一点有什么建议吗?我一直在网上查看大量资源,但不幸的是我无法使用它。期待您的建议。
您的 web.xml
看起来不错,所以我希望它确实按要求设置了响应 header(您的问题并没有明确说明)。
但是在某些现代浏览器(Chrome、Firefox 等)上,您会发现它们不允许通配符来源:
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
相反,您需要指定预期的域,以提高安全性:
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>http://otherdomain.com</param-value>
</init-param>
有用的是,来源列表可以用逗号分隔:
A * can be specified to enable access to resource from any origin. Otherwise, a whitelist of comma separated origins can be provided. Eg: http://www.w3.org, https://www.apache.org. Defaults: * (Any origin is allowed to access the resource)
来源:https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html